Getting Data In

Start a Conversation

Discussions

Start a Conversation

Thread Info

Installing a universal forwarder in low privilege mode, why am I getting error "Deployment Server not available on a dedicated forwarder"?

Our admin created me a regular domain user to test low P and assigned it these privileges: • Permission to log on ...

by Motivator in

Why do our Heavy Forwarders randomly shut down one of its parallel pipelines?

Hi, We've recently tested out a new path for data to flow into our Splunk environment from Universal Forwarders.We...

by Explorer in

How can I extrac fields depending on the type of event?

Hi, if I had logs as such wirn different type data in the same sourcetype: " < 134 > Nov...

by Explorer in

What special capabilities (permissions) are required to run the REST API?

Hi, What special capabilities (permissions) are required to run the REST API? A colleague and I are both running o...

by Explorer in

Receiving an error while using the mvexpand command (does not exist in the data)

Hi everyone,currently, i am trying to expand one of the multiple field values but i am getting the result with the be...

by Communicator in

How to route the logs from certain host to index=abc_secure?

Hi Team, [host::1.(xx|xx).xx.xx(x|y)]TRANSFORMS-change_index_abc_secure = change_index_abc_secure [change_...

by Builder in

Splunk TA For MSCS - Event Hubs input issues

We are using the Event Hubs modular input from the SPlunk TA for Microsoft Cloud Services. In our system, we have c...

by Loves-to-Learn Everything in

How to distribute big data(logs) in different times of the day.

Hi folks, I have an issue with a HF, I'm getting some spikes reaching the 100% when sending data to Splunk Cloud. T...

by Path Finder in

How to create multiple Sourcetype for one source?

I have 4 different kind of logs that is coming from one source (sample logs are below). I would like to configure thi...

by Engager in

Splunk file and directory monitoring- Am I configuring correctly?

Hello having some confusing problems with Splunk permissions that I am trying to understand. Little background we upg...

by Communicator in

Heavy forwarder setup - looking at clustering or other HA options

Hi all, I'm new to this forum and found quite a few ideas and solutions to issues admins hit. The organisation I ...

by Observer in

Does SPLUNK require K8S clusters to have unique pod and service CIDR's

I am setting up a number of Kubernetes clusters in my organisation. We are using SPLUNK for monitoring. I have been t...

by New Member in

Free trial- What is the correct HEC-url?

Hi, I have recently created a splunk-cloud free trial. I then wanted to create a HEC-collector. I went to : http...

by New Member in

Why does CURL script fails to output when called by Splunk?

Hi Guys, I'm pulling m hair out trying to get my CURL script to run. I've set up a scripted input in my app, it...

by New Member in

UDP and the 1472 bytes limit

We are receiving syslog data via UDP and we noticed that some data is missing. When running - tcpdump -i eth...

by Motivator in

DB Connect Addon Integration Issue - Microsoft SQL Server 2012

Hello Team, We are trying to integrate one of the SQL data base using the splunk db connect add-on and we are getti...

by Path Finder in

Why is Windows Event Log Whitelist not working?

Running a Windows 2012 R2 DHCP Server with UF 9.0.1 and Splunk Enterprise 8.0.5. My inputs at the UF look like this: ...

by Contributor in

SC4S and Palo Alto log sources- Where can I find logs?

New install and new to splunk. SC4S issue. Professional Service left earlier in the week. Firewall and panorama lo...

by Engager in

How do you monitor IBM VIOS ?

Hello, We have IBM VIOS servers running AIX and we need to monitor them, mainly in term of Security. Is there any...

by Contributor in

What is the best way to reload Windows event log data?

I want to reload Windows event log data from the beginning of time for all hosts and remove all event log data that i...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Installing a universal forwarder in low privilege mode, why am I getting error "Deployment Server not available on a dedicated forwarder"?

Why do our Heavy Forwarders randomly shut down one of its parallel pipelines?

How can I extrac fields depending on the type of event?

What special capabilities (permissions) are required to run the REST API?

Receiving an error while using the mvexpand command (does not exist in the data)

How to route the logs from certain host to index=abc_secure?

Splunk TA For MSCS - Event Hubs input issues

How to distribute big data(logs) in different times of the day.

How to create multiple Sourcetype for one source?

Splunk file and directory monitoring- Am I configuring correctly?

Heavy forwarder setup - looking at clustering or other HA options

Does SPLUNK require K8S clusters to have unique pod and service CIDR's

Free trial- What is the correct HEC-url?

Why does CURL script fails to output when called by Splunk?

UDP and the 1472 bytes limit

DB Connect Addon Integration Issue - Microsoft SQL Server 2012

Why is Windows Event Log Whitelist not working?

SC4S and Palo Alto log sources- Where can I find logs?

How do you monitor IBM VIOS ?

What is the best way to reload Windows event log data?

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Introducing Edge Processor: Next Gen Data Transformation

Do we have a Splunk script that will tell us the t...

Documentation for AWS app for S3

Why are Splunk some logs missing from kiwi syslog?

Get Blob Data W/O Key or SAS Token (use service ac...

Splunk Ingest Actions - Using Eval Expression Synt...